[gnutls-help] about encrypting pkts with length 0

Nikos Mavrogiannopoulos n.mavrogiannopoulos at gmail.com
Wed Mar 27 08:23:10 CET 2019


On Tue, 2019-03-12 at 13:13 +0000, Andrea Dal Bo wrote:
> Hi,
> recently we moved from gnutls 2.13.23 to gnutls 3.6.5.
> By doing this I encountered an issue with applications using the
> library. In fact it happens that our TR-069 agent is sending pkts
> over https by means of gnutls_record_send. It might happen that
> gnutls_record_send is called with data_size=0. This was accepted in
> the older gnutls 2.13.23.
> With gnutls 3.6.5 it is not. In fact gnutls_record_send calls
> gnutls_record_send2 with pad=0, and subsequently
> _gnutls_send_tlen_int, which, if both data_size and pad
> are 0, returns GNUTLS_E_INVALID_REQUEST (record.c line 492).

Hi,
What is your goal with this behavior? The library tries to protect
against incorrect use of it, and sending zero-byte packets was probably
one of them (they are used for specific purposes in the protocol and
can confuse the peer).

> I tried to modify the application to add a padding>=1 in case of
> data_size=0 by calling gnutls_record_can_use_length_hiding. In fact
> even if this function was returning 1, the subsequent call of
> gnutls_record_send2 was still returning GNUTLS_E_INVALID_REQUEST. In
> fact the discrimination was that tls1.3 handshake semantics was set
> to false. That is a bit misleading, IMHO.

I am not sure I understand this, what do you mean here?

btw. if you think that's a bug it is easier to bring on the issue
tracker (I do not follow the help list much, and I think that's the
same with other developers).

regards,
Nikos




